
Network World


Survey: Half of compliance pros say their organizations botching identity, access control

By Ellen Messmer, Network World, 08/06/2007

Polled about their organization’s approaches to identity and access management, audit and compliance professionals in industry and government expressed a high level of frustration with how their IT and business management units are managing IAM.

Almost half (45%) of the 845 respondents questioned by the Ponemon Institute for the research study released today said their own organization does not effectively focus its IAM policies and controls on areas of business risk.

The compliance professionals, 68% of whom said IAM products were in use in their organizations, also expressed frustration that IT and business management groups weren’t collaborating well in deploying IAM.

“The compliance and audit folks think collaboration is important, but they acknowledge their companies’ shortfall in this area,” says Larry Ponemon, chairman and founder of the research firm, which focuses on privacy, data breach and security topics. The “Audit & Compliance Professionals: Survey on Identity Compliance” study released today by Ponemon was sponsored by SailPoint Technologies.

Access control, password management, user provisioning and role management constitute aspects of IAM that respondents said were used to meet such regulatory compliance requirements as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and privacy laws.

However, 65% of the professionals surveyed in the Ponemon study complained that “IT staff lacks understanding of risk management and compliance,” a drawback that made it difficult to implement IAM controls effectively. The IT department in most cases was deemed the most responsible for selecting, deploying and monitoring IAM products in the organization.

In addition, the poll reflected the opinion that IT departments and audit and business people often do not collaborate well on issues concerning IAM compliance. Of those polled, 61% said “there is no collaboration whatsoever” or “collaboration rarely occurs”; 25% called it “okay, but could be improved,” and 14% called it “excellent.”

Ponemon said the results of the study indicate that according to the respondents, “the IT people don’t have an appreciation of audit and compliance, what the rules are, and don’t prioritize compliance. They think IT cares more about efficiency.”

He added that a similar survey of IT people undertaken last February on the same topic showed the flip side of the coin, with IT professionals unhappy with audit and compliance professionals.
